VLANs + NAT + DHCP

Hi folks,

I’m wondering if someone can help me out with this little issue: As those of you who run bridged with management VLANs know, it is impossible to access an SM without tagging the frames coming from your tech’s laptop. In a Prizm/BAM environment a VLAN profile will get pushed to an SM as soon as it authenticates… making alignments by techs pretty difficult.

My big idea was to have a “tech” VLAN profile where the management and untagged ingress VIDs are the same. Leaving NAT on, they can still reach 169.254.1.1 even after the radio has linked up and been assigned an IP by Prizm. What would be even better is if they could get at our intranet while the radio was still like that.

Thing is, the SMs won’t NAT to the management IP. If a NAT Public IP is entered manually it works great. However, when set to DHCP the SM never grabs an address. Since this is a lab environment I have verified that the server indeed works (took off NAT and got an IP on my PC). Packet captures show that the proper response is being sent back to the SM, but it just hangs there forever.

My basic configuration:

Active Configuration

Untagged Ingress VID : 303
Management VID : 303
SM Management VID Passthrough : Enabled
Dynamic Ageing Timeout : 25
Allow Learning : No
Allow Frame Type : All Frame Types

Current VID Member Set:
VID Number Type Age
--------------------------
303 Permanent 0


LAN1 Network Interface

Ethernet Interface : 100Base-TX Full Duplex
IP address : 169.254.1.1
Subnet Mask : 255.255.255.0
DHCP status : DHCP not enabled

RF Public Network Interface (Valid only when NAT enabled with public addressing)
IP address : 192.168.69.50
Subnet Mask : 255.255.255.0
Gateway IP address : 192.168.69.1
DHCP status : DHCP not enabled

NAT Public Network Interface (Valid only when NAT enabled)
IP address : 0.0.0.0
Subnet Mask : 0.0.0.0
Gateway IP address : 0.0.0.0
DHCP status : Initiating IP Discovery…


dhcpd.conf:
subnet 192.168.69.0 netmask 255.255.255.0 {
    range 192.168.69.201 192.168.69.249;
    option domain-name-servers 205.189.48.3, 205.189.48.6;
    option ntp-servers 192.168.69.1;
    option routers 192.168.69.1;
    option subnet-mask 255.255.255.0;
    option broadcast-address 192.168.69.255;
    default-lease-time 600;
    max-lease-time 1200;
}


Running firmware 9.0 on a P10 900 MHz SM.